Preparing for the cybersecurity paradigm shift

At eSentire, we take our business seriously. We’re passionate about the work that we do and acknowledge the unique risks that clients specifically operating in the financial space face on a daily basis. To gain recognition for the work that we do in any capacity is icing on the cake.

Thus, we’re honored to have received the Best Security Solution and Most Innovative Technology Solution awards at this week’s HFM US Technology Awards gala!

And while we’re grateful for moments like this, we recognize that our work is far from over. The frequency and complexity that we see with cyber attacks today is only going to continue to grow. Organizations operating in the financial space in particular have felt increasing pressure with the introduction of a 28-point cyber review questionnaire and looming U.S. Securities and Exchange Commission’s (SEC) Office of Compliance, Inspections and Examinations (OCIE) testing.

Several months ago the SEC launched the first round of cyber reviews, targeting 100+ firms as part of an initial fact-finding mission. The feedback gathered in this stage was meant to provide a snapshot of the industry’s overall cybersecurity posture while providing context for upcoming industry-wide examinations.

The original timeline detailed by the SEC suggested that industry-wide examinations would launch in September of 2014. It was expected that the results of the cyber reviews would provide a glimpse into what the exams would bring.

Just last week, HFMWeek Online reported exclusively that after months of speculation, the SEC is ready to announce next steps. The first of which will focus on independent testing, which is expected to be more thorough than that experienced with the 28-point questionnaire. OCIE Director Drew Bowden suggested that while the information collected through the 28-point questionnaire was informative, it in no way declared the preparedness of the industry.

If anything, the SEC’s initiative has spurred a radical shift in thinking. The OCIE expects that a summary of its questionnaire findings may be released sometime in March. In the meantime, plans are also underway to expand testing abroad (Europe, the UK and Asia).

The after-effects of last year’s record-breaking breaches continue to permeate the industry. Firms of all scale and scope recognize the very real risk of threats today. The SEC is just one regulatory association taking action to protect the national economy, and global assets. At eSentire, we recognize that education and preparation are fundamental steps in maintaining a sturdy cybersecurity posture. Taking a proactive stance can help firms protect their assets while preparing for any regulatory ask that might come their way.

In the spirit of planning, we’ve issued incident response and information security policy guidance framework documents. The checklist-style documents, available at no charge, provide an actionable framework for responding to and managing a proactive cybersecurity defense posture. Both documents have been released under a Creative Commons license (Creative Commons Attribution Non-Commercial (by-nc). Resources like these framework documents are a critical tool that firms can employ to build out fundamental cybersecurity plans and considerations. At eSentire we live by the adage that an ounce of prevention is worth a pound of cure. Last year’s radical paradigm shift exemplifies that point.

ABOUT THE AUTHOR

Eldon Sprickerhoff Founder and Advisor

Eldon Sprickerhoff is the original pioneer and inventor of what is now referred to as Managed Detection and Response (MDR). In founding eSentire, he responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over 20 years of tactical experience, Eldon is acknowledged as a subject matter expert in information security analysis. Eldon holds a Bachelor of Mathematics, Computer Science degree from the University of Waterloo.